Analysis

  • max time kernel: 122s
  • max time network: 124s
  • platform: windows7_x64
  • resource: win7-20240220-en
  • resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted: 07/03/2024, 20:12

General

  • Target: b98d2bad091a38101759f1637999c598.exe
  • Size: 28.7MB
  • MD5: b98d2bad091a38101759f1637999c598
  • SHA1: 2b21a13bd15847dd5fcebfa9898810b7506d390e
  • SHA256: 011e09dc7f7799c50d8853c722bba145da18bf30553c3430ff30d9547522585a
  • SHA512: 4fd1566b94718de659d3c7dccf27693e1405ef72d79f713e271a77950a64bb9c3dc6b5626f6baa329e9e03008816340c496f716a118de0bf82e39854dc7ebb7e
  • SSDEEP: 786432:hUJTGvp4T6K/whwfFLnaR423qzxEXv8TvXdTQ+RXmqY/:h3hI6K/w2pnaR4PxEkTvXdZ2qY/

Score: 7/10

Malware Config

Signatures

  • Loads dropped DLL 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b98d2bad091a38101759f1637999c598.exe
    "C:\Users\Admin\AppData\Local\Temp\b98d2bad091a38101759f1637999c598.exe"
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID: 1636

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\AppData\Local\Temp\nso211A.tmp\ButtonLinker.dll
    Filesize: 7KB
    MD5: a7a8111c1aebd45a38fb06185b488b96
    SHA1: 09de15fdf30a0ae00d411337541096f5e349d316
    SHA256: f481e2d873f1134525362030cc586be67a74d3d6d867eef18722104542ee20b8
    SHA512: e835e1ea68ff3afe7537276058dd9d8bdd9e835efb57fbdb0aeb52a446a29488f4a1e3326521806feb8aeaea6872b01cd172282e025550d0824a63ba5494ef2a

  • \Users\Admin\AppData\Local\Temp\nso211A.tmp\QvodInstaller.dll
    Filesize: 255KB
    MD5: bf73a3a333b66635ec0dda08adb62d91
    SHA1: ec2d263bde14887e7f63fa25555a3fc0f2923a93
    SHA256: 82ae5e6784ac28ace650ba09b95d9497bc595aae7af91ff4196cac19ab1ad63c
    SHA512: eed373578e19fe39579b99e80df5f1b8555e345977ab29ce685b46ac4ca2f04468eb2bc6d931a5e262c959ec18c78cc257e34acfd2d42119fd41c03739c41ebf

  • \Users\Admin\AppData\Local\Temp\nso211A.tmp\System.dll
    Filesize: 11KB
    MD5: 959ea64598b9a3e494c00e8fa793be7e
    SHA1: 40f284a3b92c2f04b1038def79579d4b3d066ee0
    SHA256: 03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b
    SHA512: 5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64